Every October, we recognize Cybersecurity Awareness Month as a collaboration between the government and the private sector to help raise public awareness about cybersecurity. The goal is to empower everyone to protect their private data from being compromised by cybercriminals.
This year marks the 19th anniversary of Cybersecurity Month, which is co-led by the Cybersecurity and Infrastructure Security Agency (CISA) and the nonprofit National Cybersecurity Alliance. For 2022, the organizers are focused on raising awareness around four main security themes:
Enabling multi-factor authentication
Using strong passwords and a password manager
Recognizing and reporting phishing attacks
SlashNext CEO Patrick Harr provided his insights about how businesses and consumers can defend themselves by understanding the threats from phishing attacks. SlashNext’s cloud-based AI platform detects threats in real time to protect users from phishing, smishing, social engineering, ransomware, and malicious file downloads.
“We have seen phishing grow from targeted email attacks into a widespread multi-channel problem that has become the top security threat for both organizations and individuals,” Harr said. “In a phishing attack, the bad guys use emails, social media posts, or direct messages to trick people into clicking on a bad link or downloading a malicious attachment. When a phishing attack succeeds, the cybercriminals capture private data and personal information, or they may even install malware directly onto the device to facilitate ongoing attacks.
“These phishing attacks keep evolving with ever-more sophisticated techniques to hack humans, such as through rogue browser extensions, social engineering ploys, and malicious webpages hidden on legitimate infrastructure. In fact, 50,000 new spear-phishing sites go online every day, with many appearing on legitimate infrastructure such as Adobe.com or Dropbox.com. We have also seen a big increase in cyber threats hosted on legitimate Microsoft services that deliver phishing campaigns through Microsoft Teams, OneDrive, SharePoint, and OneNote.
“The best defense to protect against phishing is to remain aware of the problem. It is critical for users to pause for a few seconds to consider the legitimacy of any email or text message before clicking on a link or downloading an attachment. Here are some helpful questions to ask yourself, provided by the National Cybersecurity Alliance:
Does it contain an offer that’s too good to be true?
Does it include language that’s urgent, alarming, or threatening?
Is it poorly crafted writing riddled with misspellings and bad grammar?
Is the greeting ambiguous or very generic?
Does it include requests to send personal information?
Does it stress an urgency to click on an unfamiliar hyperlink or attachment?
Is it a strange or abrupt business request?
Does the sender’s e-mail address match the company it’s coming from? Look for little misspellings like pavpal.com or anazon.com.
“Over the past decade, phishing has evolved from a general nuisance into a grave security threat that costs large U.S. businesses $14.8 million annually on average in financial losses and lost productivity,” Harr added. “Organizations should adopt automated security systems to identify and isolate phishing attacks before they can cause harm, while also training employees to recognize when they are being targeted by phishing attacks.”